Analysis
-
max time kernel
71s -
max time network
131s -
platform
ubuntu-24.04_amd64 -
resource
ubuntu2404-amd64-20240523-en -
resource tags
arch:amd64arch:i386image:ubuntu2404-amd64-20240523-enkernel:6.8.0-31-genericlocale:en-usos:ubuntu-24.04-amd64system -
submitted
26/02/2025, 17:23
Behavioral task
behavioral1
Sample
zboti686.elf
Resource
ubuntu2404-amd64-20240523-en
ubuntu-24.04-amd64
1 signatures
150 seconds
General
-
Target
zboti686.elf
-
Size
159KB
-
MD5
132b6aeefa560fb5c9467c38f972dcb7
-
SHA1
bff41437f571330bee8e852033a13d854cc6625d
-
SHA256
a2a6ff1fef59ee49883572b54f7a76e152131e37c00fb1f3054c3a847a2e939c
-
SHA512
7eb1658e095d3079f4bb29c070edcd9bdd5f6980a80bd209ef5e01dd0692eab7fdad8a46a6e6d393d165553c4383eed58a89702c3b8ab292a9cbe916988bde0e
-
SSDEEP
3072:7rgPPA4gkseHk675G4g/0jmJsRPlhw3PWtQL1RTAhHflATpenk:7IPjyB/0iJspPwfWtQL1RTAhHflATpek
Score
7/10
Malware Config
Signatures
-
Loads a kernel module 64 IoCs
Loads a Linux kernel module, potentially to achieve persistence
pid Process 2819 zboti686.elf 2819 zboti686.elf 2820 zboti686.elf 2820 zboti686.elf 2820 zboti686.elf 2820 zboti686.elf 2820 zboti686.elf 2820 zboti686.elf 2820 zboti686.elf 2820 zboti686.elf 2820 zboti686.elf 2820 zboti686.elf 2820 zboti686.elf 2820 zboti686.elf 2820 zboti686.elf 2820 zboti686.elf 2820 zboti686.elf 2820 zboti686.elf 2820 zboti686.elf 2820 zboti686.elf 2820 zboti686.elf 2820 zboti686.elf 2820 zboti686.elf 2820 zboti686.elf 2820 zboti686.elf 2820 zboti686.elf 2820 zboti686.elf 2820 zboti686.elf 2820 zboti686.elf 2820 zboti686.elf 2820 zboti686.elf 2820 zboti686.elf 2820 zboti686.elf 2820 zboti686.elf 2820 zboti686.elf 2820 zboti686.elf 2820 zboti686.elf 2820 zboti686.elf 2820 zboti686.elf 2820 zboti686.elf 2820 zboti686.elf 2820 zboti686.elf 2820 zboti686.elf 2820 zboti686.elf 2820 zboti686.elf 2820 zboti686.elf 2820 zboti686.elf 2820 zboti686.elf 2820 zboti686.elf 2820 zboti686.elf 2820 zboti686.elf 2820 zboti686.elf 2820 zboti686.elf 2820 zboti686.elf 2820 zboti686.elf 2820 zboti686.elf 2820 zboti686.elf 2820 zboti686.elf 2820 zboti686.elf 2820 zboti686.elf 2820 zboti686.elf 2820 zboti686.elf 2820 zboti686.elf 2820 zboti686.elf